Exetools Reverse CRC ...
 User Name Remember Me? Password
 Register Forum Rules FAQ Calendar Mark Forums Read

 Notices HTTP connection will be closed soon. Please visit eXeTools with HTTPS in the future. https://forum.exetools.com This is the ONLY ONE domain that we use. Follow @exetools on Twitter and send me a message, I will choose whether to send the invitation code. Any password problems please mailto: 883600(at)qq(dot)com

 Thread Tools Display Modes
#1
01-12-2020, 17:21
 debugasm Friend Join Date: Oct 2017 Posts: 14 Rept. Given: 0 Rept. Rcvd 1 Time in 1 Post Thanks Given: 9 Thanks Rcvd at 15 Times in 7 Posts
Reverse CRC ...

Hi,

I need help to reverse calc of CRC. This is a few sequence :

Code:
```01 00 00 46 71 - CRC E5 9F

00 00 02 00 00 02 00 00 13 24 00 00 46 71 - CRC 0B AF

00 00 01 00 00 01 00 00 15 7C 00 00 46 71 - CRC B9 8A

00 00 02 00 00 02 00 00 19 64 00 00 46 71 - CRC 9C C5```
I have tried several well-known CRCs without success.

Does anyone at a glance understand which CRC is used ?

debugasm
#2
01-13-2020, 03:01
 Abaddon Friend Join Date: May 2016 Posts: 29 Rept. Given: 0 Rept. Rcvd 2 Times in 2 Posts Thanks Given: 69 Thanks Rcvd at 27 Times in 16 Posts
Some context would help. Is there a reason to treat the algorithm as a blackbox?
#3
01-14-2020, 03:11
 chants Family Join Date: Jul 2016 Posts: 496 Rept. Given: 4 Rept. Rcvd 33 Times in 19 Posts Thanks Given: 421 Thanks Rcvd at 766 Times in 355 Posts
I think identification of CRC algorithm is a better description. Reversing a compression function in the mathematical sense is simply not possible unless there are trapdoors or biases and the like. But in the reverse engineering context I think we can imply as such.

Have you tried all CRC16 possibilities on this page in Javascript?

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

Considering it could be a truncated CRC32 or CRC64 or concatenated CRC8 of subpieces or a custom CRC, it is somewhat hard to say. If its based off a polynomial may e there is a way to find it but I've not seen a technique for this but it sounds promising. Otherwise you may need to see if you can white box reverse this.

I doubt glancing at what seem to be CRC16 type values will be trivially obvious to anyone though
#4
01-17-2020, 20:11
 Git Old Git Join Date: Mar 2002 Location: Torino Posts: 1,088 Rept. Given: 219 Rept. Rcvd 265 Times in 157 Posts Thanks Given: 82 Thanks Rcvd at 204 Times in 120 Posts
Didn't we have a thread about this subject last year?. Have you searched here for the problem Debugasm?

Git
#5
01-22-2020, 09:02
 CZC Friend Join Date: Jul 2018 Posts: 19 Rept. Given: 0 Rept. Rcvd 25 Times in 2 Posts Thanks Given: 4 Thanks Rcvd at 114 Times in 12 Posts
Quote:
 Originally Posted by debugasm Hi, I need help to reverse calc of CRC. This is a few sequence : I have tried several well-known CRCs without success. Does anyone at a glance understand which CRC is used ? debugasm
What I can tell you is that those are not CRC codes.
I have a program which computes all the known CRC codes but it
can also bruteforce the polynomial if you provide the CRC.
I've tried with reflected data, non-direct init value, reversed CRC,
swapped CRC and none matches a 16bit CRC.

Those values are computed in a different way.
 The Following 2 Users Say Thank You to CZC For This Useful Post: chants (01-22-2020), Zipdecode (01-25-2020)
#6
01-24-2020, 11:39
 chants Family Join Date: Jul 2016 Posts: 496 Rept. Given: 4 Rept. Rcvd 33 Times in 19 Posts Thanks Given: 421 Thanks Rcvd at 766 Times in 355 Posts
Hi CZC, is there a name for the polynomial finding tool? Also can you tell us for CRC-N bits how many CRC of N bits are needed to recover the polynomial and what if there are more or less bits input into CRC function does it change this requirement? For N to N bit mapping I suppose only 1 CRC value determines it, or less than N bits due to 1 to 1 mapping. But if CRC of large data, due to collisions or seems each extra bit adds a power of 2 more values needed to determine it. Anyway, this is interesting enough that it sounds you have a tool to make it easily done.

Also for questioners asking for mapping functions, remember to provide huge amounts of values or white box info if not absolutely sure. Because even CRC with an XOR which flips some bits of the result would likely throw off any ordinary detection. E.g. CRC16 ^ 0x1f1f. But as part of protocol reversing it would be nice to have powerful numeric identification tools where computation is all done server side. Of course no guarantee server is not using random numbers and tracking them with a database but it's more expensive to do such overkill solutions.

Last edited by chants; 01-24-2020 at 11:45.
#7
01-25-2020, 13:06
 CZC Friend Join Date: Jul 2018 Posts: 19 Rept. Given: 0 Rept. Rcvd 25 Times in 2 Posts Thanks Given: 4 Thanks Rcvd at 114 Times in 12 Posts
Quote:
 Originally Posted by chants Hi CZC, is there a name for the polynomial finding tool? Also can you tell us for CRC-N bits how many CRC of N bits are needed to recover the polynomial and what if there are more or less bits input into CRC function does it change this requirement?
When bruteforcing, the program finds all possible polynomials. You then narrow them down if you have several examples.

At some point in the past I was using CRCs a lot in microcontrollers and I decided to write my own tool for that.

The source code is attached, it compiles in linux and windows as a command line program.

You can use shortcuts like using hex or strings directly on the command line.
Code:
```CRC generator V1.4 \$

./getcrc [options] file(s)
-z #    polynom size
-p #    CRC polynom
-r      reverse polynom
-m      mirror (reflect) data
-n      non-direct init value
-i #    initial value
-e #    exit value
-c      reverse CRC
-a      all known CRCs
-b #    bruteforce to target CRC
-v      verbose bruteforce
-s      interpret filename as a string
-f      interpret filename as a hex string
-C      check CRC values for the "123456789" input
-t      trace CRC generation
-T      dump CRC table and exit```
Attached Files
 getcrc.zip (22.1 KB, 10 views)
 The Following 3 Users Say Thank You to CZC For This Useful Post: Abaddon (01-25-2020), besoeso (01-28-2020), chants (01-26-2020)

 Thread Tools Display Modes Linear Mode

 Posting Rules You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

 Similar Threads Thread Thread Starter Forum Replies Last Post suddenLy General Discussion 4 12-11-2014 22:37 obfuscator General Discussion 3 11-26-2014 18:53

All times are GMT +8. The time now is 09:20.

 Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )